Watch Out For These Phishing Attempts On Your Steam Account

By cwaltersMarch 5, 2009

PC World notes that phishers are now targeting Steam account holders. Games are an easy target because you can make quick money off of them and the security isn’t as high as with, say, credit cards. The site that first reported this, SpywareGuide, demonstrates two examples—steamgift.com and steamverification.com—that will attempt to trick you into giving them access to your digital library of games.

@Blueskylaw: As far as I know, steam is really convenient because, once installed you can download a copy of the game onto any computer you may happen to be using at the time. And without your username or password, no one else can use it unless they too also have a copy associated with their account.

@Blueskylaw: Steam holds just as much value as a boxed copy of a PC game because PC games cannot be resold due to the authentication codes that must be used.

The actual benefit comes from being able to log into any computer and download your games. Also there is no disk to worry about losing (or having to put in the dvd drive everytime you play). There are other benefits as well, but Steam is just as tangible as a box game that will only allow 3 installs.

@Blueskylaw: The trick is, the REAL value of a game, a book, or music, isn’t in that physical object that you pick up at a store. It’s the creativity of the persons responsible. The game designer, the writer, the musician.

The trick is that for centuries, it’s been the belief that the media is the message. It isn’t and never has been. It’s merely a vehicle for the creativity, and a vehicle that for the most part has been in the control of a handful of companies that print and distribute physical objects.

Now it’s possible for the creators to do their own distribution, or to have greater control and profits when working with larger firms. It also means that a much wider variety of work is now available, and things that would go out of print or out of stock can be kept and made available forever, since the space needed in the “store” is a handful of clusters on a hard drive.

A few weeks back, Steam had a sale on a lot of classic games. I picked up the original Half-Life for 99 cents. No, I can’t resell it. But when it’s a buck, who cares? If I tried to buy the actual disk, it would have cost me more in time and effort, much less the actual product, than just clicking a few buttons. In the 70’s, this would have been science fiction and not the reality of how we live.

Then there’s the environmental advantages. Even if you count in the need to generate the amount of electricity used, it’s a fraction of the resources needed to make and distribute those physical objects we’ve relied on for so long.

It’s a horribly overused term, but this is what is meant when something is called a paradigm shift: A complete reworking of how the general populace sees the world. Sure, there’s drawbacks that have to be worked with. And a horse can eat grass by the side of a road while you have to stop at a gas station to fill up your minivan. Yet somehow, I don’t see a resurgence in buggy whip sales…

And in addition to the lack of value, there is also the users’ reliance on the company’s continued existence. At least when you buy a paperback or a CD (or a non-DRM MP3) you can use it whether the seller is still in business or not.

BTW – “Reply” isn’t working for me. Works on Giz though, so I don’t think it’s my browser.

Wow, I’m amazed people would even think about buying a steam game on any site not steam or in the steam app. Steam IS a great way to get games though. They usually have a lower price than the disc based version. I was able to catch the weekend sale at the end of it while at work and buy Left 4 Dead for cheap then it automatically downloaded on my home computer ready to play by the time I got home. How awesome is that?

To people saying Steam games have no value, well, nothing has value intrinsically. It only has value if someone else is willing to pay for it, and there are quite a lot of people, myself included, who are willing to pay for and download games through Steam to avoid the hassle of the brick-and-mortar stores.

@Micromegas: Death to Gamestop! I don’t buy my games through brick and mortar much anymore. Steam, xbox arcade, ebay are my first stops for a game I want to purchase. Could have something to do with my living in a rural area :)

@Micromegas: They have no resale value. I can sell a copy of Diablo II, key and all, that I bought ten years ago and the buyer could still play online. I can’t do that with a game activated online. All of my Valve titles are tied to my account. Unless I sell someone access to my Steam account, I’m stuck with them.

@Diet-Orange-Soda: You have a point about reselling games, but it won’t be long before games purchased in actual brick-and-mortar stores are not resellable either. Game developers, particularly Epic Games, are trying to figure out a way to kill the resale market, and what Epic’s CEO has proposed more than once is to make it so that crucial data needed to play the game is left off the DVD, and the DVD comes with a code which you can use to download the missing data from Epic’s servers, but the code is only valid for the first console or PC that uses it, so the game would be useless to anyone but the first buyer.

So, yes, Steam games aren’t resellable but that will be the norm in the industry before long, so I don’t see it as a particular disadvantage of the Steam system.

@Diet-Orange-Soda: This is at best disingenuous. For the last while Blizzard has allowed people to register their CD keys to an account and retain full use of the keys, whether or not they have a disc. People can also get a Diablo II key banned–offline and online. Ditto ANY game with online multiplayer. Someone buying a used game with a CD key has NO idea as to whether or not the key is valid. And that can determine whethewr or not the game is playable, even if on the surface it seems fine.

It’s not a good idea for the buyer. Steam eliminates any possibility of a fraudulent key.

Do what I do–buy the physical copies of the game and register them on Steam. Ta-da! It won’t work for every game but I’ve accumulated quite a few that way.

WHY you want your games on Steam and not necessarily a disc: You can play your games on any computer at any time by logging into your account. If the computer doesn’t have the gam einstalled you can install it for free that way. If the computer does have it, it uses your authentication to play it. That way you can access your friend list as well as not worrying about if someone has had the game disabled for cheating. And there’s no limit on the number of downloads you can do, or computers you can have it on–just don’t play from multiple locations at once.

It’s still better than some physical copies entirely that use their own services to phone home for authentication every time you play. Steam authenticates once for offline content, and during the game for things hosted on its own networks. Something like Spore will be authenticating all the time and will not even allow you to play single player if it thinks something is awry. Steam only locks you out of multiplayer/online.

@Ratty: Considering most PC games that have been out for more than a year or two sell for $10 or less, there’s almost no point in buying used anyway.

Besides, I’ve never bought a PC game on CD-ROM that didn’t require downloading 200 MB worth of patches to make it playable. At least with Steam that’s automatic and I don’t have to track down the game company’s website.

@David Brodbeck: I’m in total agreement. Heck, you can even get NEW games for great prices with Steam much of the time. Left 4 Dead was all of $15 or 20 a few weeks back.

Digital distribution may have been seen as a passing phase… in 2004. It’s 2009 now. Steam no longer sucks and almost every PC game company offers online game distribution and re-downloading options for titles you already own. Blizzard saved me tons of cash this way by allowing me to register my Diablo/Warcraft/Starcraft CD keys to an account and just download the games free of charge any time. Before I would have had to re-buy the game and be stuck with exta CD keys just to legally get new CDs to reinstall.

If a console disc or cartridge breaks, you’re screwed, and console games don’t drop in price as rapidly as PC games. I stepped on my Starcraft installer discs by accident and won’t ever have to re-buy.

@Blueskylaw: I buy a lot of PC games from Steam. Honestly none of what you said bothers me enough not to. I can download copies of the games on any of my computers at home, or when I get a new one. I never sell old games anyway (PC games are harder to do this with regardless, but that’s another semi-related issue).

Above all else, it’s just the convenience of not having to drive to the store. And other than maybe for gift giving, I don’t derive any additional value from the physical box and CD. The only value I get is from playing the game, which is real value to me, and exists regardless of where I get it from.

But I’m just saying it works out great for me. YMMV. Nobody’s brainwashed me, though, thanks. I decided for myself what I wanted to do.

@Diet-Orange-Soda: Exactly. Not to mention Valve keeps fairly good tabs on accounts, and they can be suspended at a moments notice. If an account is reported stolen, it will be back in it’s owners hands eventually, but first it will be taken out of the thief’s hands.

The only way I could see the accounts having a resale value is if the buyer is instructed to download all the games they want, then disconnect the computer from the internet any time they want to play a game on the “account” since steam allows a limited offline mode.

jaghax.net is another site run by Zteve Zestner (the person listed in the whois data for one of the two sites). It’s a site about Runescape hacking/phishing. Kind of brave of this person, if this info is indeed correct.

br0kenrabbit: hi
Greg_ValveOLS: good evening
br0kenrabbit: What’s ip?
br0kenrabbit: up?
Greg_ValveOLS: my name is greg a member of the valve online Support team
br0kenrabbit: On MSN?
Greg_ValveOLS: yes Smiley
br0kenrabbit: Why?
Greg_ValveOLS: we logged multiple ips from your account and ned to verifi your information
br0kenrabbit: My information?
Greg_ValveOLS: we believe someone may have stolen your account mmmm you havent shared youre account infomation with anyone have you?
br0kenrabbit: No. I don’t even have it written down.
Greg_ValveOLS: hmmm maybe a keylogger on you r PC then maybe you need a format?
br0kenrabbit: Well…
Greg_ValveOLS: if you can verify your account information to me i can insure that only your ip have access to it Its a new security feature were trying because this happens so muchlogin names and passwords aint safe anymroe You know. Smiley
br0kenrabbit: Well
Greg_ValveOLS: dont worry this connect it secure
br0kenrabbit: Can I be honest with you, Greg?
Greg_ValveOLS: k
br0kenrabbit: Look, I don’t know how you go this MSN account name, don’t really care, either.
br0kenrabbit: Unlike you, I DO work for Valve. Trace my ip and you’ll see.
Greg_ValveOLS: huh?
Greg_ValveOLS: bs
br0kenrabbit: Trace it.
Greg_ValveOLS: how
br0kenrabbit: Start/run/cmd type Tracert and then my IP address and hit enter.
Greg_ValveOLS: oh k
br0kenrabbit: As an employee, I know that Valve employees will NEVER contact users over MSN. I also know a valve employee will NEVER ask a user for his/her username and password.
br0kenrabbit: I’m putting a temporary hold on your Steam account.
Greg_ValveOLS: why?
br0kenrabbit: Have you read the ToS?
Greg_ValveOLS: Tod?
Greg_ValveOLS: tos
br0kenrabbit: terms of service
Greg_ValveOLS: were?
br0kenrabbit: Greg, this is a serious infraction against the Tos. You are at risk of losing your account.
Greg_ValveOLS: why
br0kenrabbit: I just told you why
Greg_ValveOLS: Frowning smiley
br0kenrabbit: I need some information from you if you want me to unlock you account. I’m going to write you up but I will only suspend you account for three days, since this is your first infraction, okay?
Greg_ValveOLS: k
br0kenrabbit: First, what is the name the account is registered to. Not the user name, the persons real name who created the account. This is for verification purposes.
Greg_ValveOLS: xxxxx xxxxxxx
br0kenrabbit: Is this you?
Greg_ValveOLS: ya
br0kenrabbit: Are you the only user of this account?
Greg_ValveOLS: ya
br0kenrabbit: Okay, and what is the username
Greg_ValveOLS: xxxxxxxx
br0kenrabbit: Okay.
br0kenrabbit: I see you have purchased a few of our games, thank you. Smiley
Greg_ValveOLS: some. dude
br0kenrabbit: Do you always log on from the same IP?
Greg_ValveOLS: ya
br0kenrabbit: And who is your internet providers, your ISP?
Greg_ValveOLS: xxxxxxx
br0kenrabbit: Thank you. One moment, please, let me verify this information.
Greg_ValveOLS: am i gonna be bale to play 2nite?
br0kenrabbit: What is your city of residence?
br0kenrabbit: That depends on if you cooperate. You’re doing fine so far.
Greg_ValveOLS: xxxxxx
br0kenrabbit: Illinios?
Greg_ValveOLS: yes
br0kenrabbit: Okay. And what is the password associated with this account?
Greg_ValveOLS: xxxxxxx
br0kenrabbit: Okay. Do not try to log into steam. If you are connected now you need to log off.
Greg_ValveOLS: why
br0kenrabbit: So I can update your account.
Greg_ValveOLS: can I play 2 nite
Greg_ValveOLS: clan fight
Greg_ValveOLS: wont win without me heh
br0kenrabbit: Heh. You’ll have to wait a few minutes. Are you logged off?
Greg_ValveOLS: ya
br0kenrabbit: Okay. Give me just a moment.
br0kenrabbit: Try to log in now.
Greg_ValveOLS: k
Greg_ValveOLS: It says login failed wtf wtf!!@?
br0kenrabbit: Greg
Greg_ValveOLS: did u ban me???????????>WHY
br0kenrabbit: Greg
Greg_ValveOLS: what
br0kenrabbit: Valve will never ask for your username and password.
Greg_ValveOLS: what????
br0kenrabbit: I don’t work for Valve dude, but you just got pwnt.
Greg_ValveOLS: omg dude wtf why?
br0kenrabbit: Why were you trying to steal my account?
Greg_ValveOLS: i wanst
br0kenrabbit: Then why were you asking for my information?
Greg_ValveOLS: i was just making a joke but not cerious honest dude just give
my acount back pllllleeease i’m only 13 and save d up for like a year to buy it
br0kenrabbit: Greg
Greg_ValveOLS: dude pleas
Greg_ValveOLS: what
br0kenrabbit: Go mow some yards, bitch.

i’m confused. since the games are keyed into the acocunt that they are bought in and cannot be gifted unless you have extra copies, couldn’t the original owner of the account get their account back eventually from Steam (assuming customer service works, of course) with all the games intact? It’s not like the thief can run off with the account and sell off the games….

Remember this when you buy a pack of games. Steam won’t check to see if you already own a copy, though it will check to see if you already purchased the same title, e.g. if you buy Rome:Total War, then try to buy the Total War pack, Steam won’t tell you, nor will it give you an extra copy to re-gift, but it will stop you if you try to buy Rome:Total War again.

Also, you cannot do charge backs, or Steam will shut down your account.

I think the Zestner bit is a ruse. Do a pipl search for the e-mail address Bobfrap@gmail.com and you’ll find the owner has several postings on a digital forum.. that forum account is banned and it’s username is ‘Malapu’.

One of the earlier posts of “Malapu” points to his personal weblog of [malapu-pro.com]

Yep, I’ve already been hit by this. One of my friends forwarded me to a video. I thought “hey, I didn’t know Steam did videos!” Glanced at the URL as I was punching in my login to find a really random string of characters.

Changed my info to stay on the safe side. However, the guy who got phished and sent the video link to me doesn’t seem to have been as lucky :/

I dunno about the security being not being too high. Recently I was accused of trying to “hi-jack” another users account. For weeks I’ve been leaving messages on the STEAM support forums claiming my innocence in the matter and over 3 weeks this is all they’ve told me:

3-11-09
We have found activity in your Steam account related to the hijacking of another user’s Steam account.

Per the Steam Subscriber Agreement, we have disabled your account and any games contained in it. Your account will not be reactivated.